Fortify integration with Maven - install

Rory Lester · Aug 2, 2015 · Viewed 25.7k times

I want to run a Fortify scan against a Maven Eclipse project.

Where should I start?

I understand that I need to update my pom.xml file to include the Fortify plugin; however, do I also need to have Fortify SCA installed on my machine? (I'm running MacOS X.) I have been trying to find a place to download Fortify SCA but have not been able to find it.

I would appreciate it if someone could share some links to point me in the right direction in getting the setup complete.

Answer

Prokis · Aug 26, 2016

Actually profiles are not needed, only the plugin configuration.

<build>
    <plugins> 
        <plugin>
            <groupId>com.fortify.ps.maven.plugin</groupId>
            <artifactId>sca-maven-plugin</artifactId>
            <version>4.30</version>
            <configuration>
                <findbugs>true</findbugs>
                <htmlReport>true</htmlReport>
                <maxHeap>800M</maxHeap>
                <source>myJavaVersion</source>
                <buildId>myBuildId</buildId>
                <verbose>true</verbose>
                <skipTests>true</skipTests>
                <toplevelArtifactId>myTopLevelId</toplevelArtifactId>
            </configuration>
        </plugin>
    </plugins>
</build>

By using a single Jenkins job you can write, as a pre-step, a shell script:

mvn clean sca:clean -DskipTests
mvn sca:translate -DskipTests

And then define the actual "Goals and options" as:

install sca:scan -DskipTests

Having them as separate command lines is the only way to have the sca:clean, translate and scan (and report file sending to Fortify) done in one Jenkins job.

Hope this works for you too!
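The same clean, translate, scan sequence as a local fail-fast runner, added here as an example that is not part of the answer above or of the sca-maven-plugin itself. It runs the three Maven invocations from the answer in the order the Jenkins pre-step and "Goals and options" would, and stops at the first failing phase so a scan never runs against a stale or partial translation. The MVN override and the `run` argument are assumptions of this script, not plugin features; the sca goals resolve only when the plugin is declared in pom.xml as shown in the answer.

```shell
#!/bin/sh
# Added example (not from the original answer): run the sca-maven-plugin
# clean -> translate -> scan sequence locally with fail-fast semantics.
# MVN is an assumed override so the same function can be pointed at a
# wrapper (./mvnw) or a stub during testing.
set -eu

MVN="${MVN:-mvn}"

# Run one Maven invocation, echoing it first so the build log shows the phase.
fortify_phase() {
    printf '>>> %s %s\n' "$MVN" "$*"
    "$MVN" "$@"
}

# The full sequence from the answer: clean the SCA build, translate the
# sources, then install and scan. Returns non-zero (and stops) as soon as
# any phase fails, so a later phase never runs on the output of a failed one.
fortify_pipeline() {
    fortify_phase clean sca:clean -DskipTests || return 1
    fortify_phase sca:translate -DskipTests || return 1
    fortify_phase install sca:scan -DskipTests || return 1
}

# Execute only when invoked as "sh fortify-scan.sh run"; with no argument
# the script merely defines the functions, which lets a harness source it.
case "${1:-}" in
    run) fortify_pipeline ;;
esac
```

Invoke it from the project root with `sh fortify-scan.sh run`; set `MVN=./mvnw` first if the project ships a Maven wrapper. Because each phase is a separate Maven invocation, a failure in translate is reported before any scan starts, which is the behaviour the separate Jenkins command lines in the answer are there to guarantee.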